OptimalBits / node_acl

Access control lists for node applications

How does node acl know or get or read User and Role data at request? #211

Open dadenewyyt opened 7 years ago

dadenewyyt commented 7 years ago

For example.

I use jsonwebtoken.

After checkingToken I set the req data for the userId.

req.user = "user";

But how does ACL get the user data from the request and apply rules and permissions? Please, I am confused.

mkjangid commented 7 years ago

As per my understanding, you also need to specifically pull out role data from acl. Assuming you already have a role created in acl with allowed resources and saved the user with it, something like

acl.whatResources(req.user.role, function (err, resources) {
      // node_acl callbacks are error-first: (err, resources)
      if (err) return next(err);
      req.role_data = resources;
      // call the next function
      next();
});

Then in your api routes, you might have to specifically check if req.role_data contains access to that resource route.

Or easier is to use the middleware to check permissions before a route, as mentioned in the use cases of this library. But then your resource permissions need to be constructed in a fashion that the library understands.
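
The flow discussed in this thread, as an added example that is not part of the thread and not node_acl's own code: the token check sets `req.user`, and the ACL step receives a function that reads that id back from the request, derives the resource from the URL and the action from the HTTP method, and denies when no identity is present. The in-memory store and the names `userRoles`, `rolePerms`, `isAllowed`, `aclMiddleware`, `guard` and the user id `u42` are constructed for illustration; node_acl's real `middleware(numPathComponents, userId, actions)` likewise accepts `userId` as a value or as a function of the request.

```javascript
// Constructed sample data: a stand-in for the ACL backend (not node_acl itself).
// Maps are used so that ids such as "__proto__" cannot hit inherited properties.
const userRoles = new Map([['u42', ['editor']]]);
const rolePerms = new Map([
  ['editor', new Map([['/posts', ['get', 'put']]])],
]);

// Hypothetical helper: does any role of userId grant `action` on `resource`?
function isAllowed(userId, resource, action) {
  return (userRoles.get(userId) || []).some((role) => {
    const perms = (rolePerms.get(role) || new Map()).get(resource) || [];
    return perms.includes(action);
  });
}

// Express-style middleware factory. getUserId(req) is the only bridge between
// the request and the ACL: it must return an id that the token-verification
// step put on the request, never a value taken from the body or query string.
function aclMiddleware(getUserId, numPathComponents) {
  return function (req, res, next) {
    const userId = getUserId(req);
    if (typeof userId !== 'string' || userId === '') {
      return res.status(401).end(); // no verified identity: deny
    }
    // Resource = first N path components, query string stripped.
    const path = req.originalUrl.split('?')[0];
    const resource = path.split('/').slice(0, numPathComponents + 1).join('/');
    const action = req.method.toLowerCase();
    if (!isAllowed(userId, resource, action)) {
      return res.status(403).end(); // authenticated but not permitted
    }
    next();
  };
}

// Wiring as in the question: the JWT check ran earlier and set req.user.
const guard = aclMiddleware((req) => req.user, 1);
```

Mount `guard` after the token-verification middleware so that `req.user` is already set when it runs.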